Beat the Scam Scam checks, alerts, and consumer protection guides
Home / Guides / Tech Support Scams / SIM Swap Fraud UK: How Scammers Hijack Your Phone Number
Tech Support Scams

SIM Swap Fraud UK: How Scammers Hijack Your Phone Number

Your phone number is the key to your digital life — and criminals know it. SIM swap fraud can drain your bank account in minutes.

· · 7 min read

SIM swap fraud UKSIM swapping scamphone number hijackingmobile network fraudbank account takeover
Key rule: verify through an official route you opened yourself, not the link, number, app, or payment details supplied by the suspicious message.
On this page
  1. What is this scam?
  2. Warning signs to look for
  3. How this scam works step by step
  4. How to verify if it is genuine
  5. What to do if you have already interacted
  6. Reporting this scam in the UK

What is this scam?

SIM swap fraud is a targeted attack where criminals use stolen personal information to contact your mobile network and convince them to transfer your phone number to a new SIM card. Once the scammer has your number, text messages and calls intended for you go to them instead. This breaks the two-factor authentication (2FA) that protects your email, banking apps, and social media accounts. The attacker then uses the intercepted codes to reset passwords, access your bank account, and transfer money out.

It's not a mass-mailing scam — criminals specifically research and target individuals they believe have money or valuable digital assets. UK victims have lost thousands of pounds in minutes, often discovering the theft only when their bank alerts them to unusual transactions or when they can't access their own accounts.

Warning signs to look for

  • Your mobile phone suddenly loses signal or stops receiving calls and texts, even though you haven't changed your SIM card.
  • You receive unexpected emails saying your password has been changed or your email account has been accessed from an unfamiliar location.
  • Your bank sends you authentication codes you never requested, or alerts about login attempts you didn't make.
  • Customer service staff at your bank or email provider tell you someone else recently tried to access your account.
  • You spot fraudulent transactions in your bank account that you absolutely did not authorize.
  • Your social media accounts (Facebook, Instagram, LinkedIn) become inaccessible, and you can't reset the password because the recovery email or phone number is not working.
  • You receive calls from your mobile network asking to confirm you recently requested a SIM change — but you did not.
  • Friends or family report that they can't reach you by phone, but you have full signal and your phone is working normally.

How this scam works step by step

The scam begins with reconnaissance. Criminals buy stolen personal data (your name, address, date of birth, sometimes even the last four digits of your bank account) from the dark web, or they use social engineering to extract information from you via fake phishing emails or calls. Armed with this data, they contact your mobile network (O2, Vodafone, EE, Three, etc.) and either call customer service or visit a physical store. They pose as you and claim they've lost their phone, damaged their SIM, or switched to a new phone — a completely routine request.

The network staff, satisfied with the 'verification' information, then provision a new SIM card to the attacker and deactivate your existing one. Your phone immediately goes offline. The scammer now controls your number and receives all incoming calls and texts meant for you. They use this access to trigger password resets on your email, online banking, cryptocurrency exchanges, and other high-value accounts. Once inside your email, they can reset bank passwords and approve transfers. Within minutes, money leaves your account. Many victims don't realize they've been compromised until hours later.

How to verify if it is genuine

If you suspect a SIM swap has occurred, act immediately — call your mobile network from a different phone (a friend's phone, a landline, or your work phone) and confirm whether your number is still active on your account. Do not use your phone's internet connection, as the attacker controlling your SIM may have access to your data. Contact your bank directly by calling the number on the back of your card (not a number from email or text) and tell them your SIM has been compromised — they can freeze accounts instantly.

If you use email-based authentication, access your email from a computer or tablet to check login activity and recent password changes. Review your email's 'Recently used devices' section to see if the attacker logged in. Change all important passwords from a secure device that is definitely not compromised. For more on verifying genuine communications, see our guide on identifying bank text code scams at Bank Text Messages Not Arriving? How to Fix It and Spot Scams.

What to do if you have already interacted

First, stop using your phone immediately — do not attempt to make calls or access the internet through it, as the attacker controls your number. From a different device or a friend's phone, call your mobile network's fraud department right away and report a SIM swap. Simultaneously, call your bank's fraud team using the number on the back of your card and tell them your phone number has been compromised. Ask them to place a fraud hold on your account and review all recent transactions for unauthorized activity.

Change the password of every important account (email, banking, social media, cryptocurrency) from a secure computer that you control — not from your phone. Enable any additional security features your bank offers, such as 'require in-branch approval for transfers over £X'. Visit your mobile network's physical store with ID to prove your identity and request a new SIM in person. Once you have a new SIM working on your number, change all critical passwords again as a final step. Report the fraud to Action Fraud (0300 123 2040) so it's logged nationally.

Reporting this scam in the UK

Report SIM swap fraud to Action Fraud immediately by calling 0300 123 2040 or visiting actionfraud.police.uk. Provide them with the exact date and time the fraud occurred, the names of accounts that were accessed, the amount of money stolen, and any transactions made. Contact your bank's fraud department separately — they have their own reporting procedures and can sometimes recover money if you act fast enough. Report the incident to your mobile network in writing as well as over the phone; request a formal case reference number.

If you received phishing emails that led to the SIM swap, forward them to the National Cyber Security Centre at report@phishing.gov.uk. If you received suspicious SMS messages from fraudsters attempting to exploit you, forward them to 7726 (the free SMS reporting service). Contact Citizens Advice on 0808 223 1133 if you need guidance on disputing unauthorized transactions with your bank. Keep copies of all emails, case references, and correspondence — you'll need these for any potential dispute resolution with your financial institution.

Frequently asked questions

Can my mobile network legitimately ask me to verify my identity over the phone before doing a SIM swap?

Yes — your network should always verify your identity before transferring your number. However, they will ask standard security questions (address, date of birth, last four digits of your bank account, memorable word). Be very cautious if someone calls you claiming to be from your network and asks for passwords, PINs, or full card numbers — legitimate networks never ask for these. If in doubt, hang up, find the number on your bill, and call the network back yourself.

If the scammer has already transferred money out of my account, can I get it back?

Contact your bank's fraud team immediately — the sooner you report it, the better chance they have of freezing the transaction or recovering it. UK banks are legally required to reimburse you for unauthorized transactions in most cases, but speed is critical because once money reaches another bank account (especially overseas), it becomes much harder to recover. Many banks can reverse transfers within hours if reported quickly. Keep all evidence (transaction records, case references from Action Fraud) for your bank's dispute process.

How do criminals get my personal information in the first place to convince my mobile network I am me?

Criminals buy bulk datasets of stolen UK personal information from the dark web — these come from data breaches at retailers, employers, and government databases. They may also use social media (LinkedIn, Facebook) to piece together your details, or they perform 'social engineering' by calling you pretending to be from a utility company or the HMRC to trick you into revealing information. Your best defence is to limit what you share publicly online and be extremely suspicious of any unsolicited calls asking for personal details.

How do I report a SIM swap attempt or fraud in the UK?

Call Action Fraud on 0300 123 2040 or report online at actionfraud.police.uk. Report it to your mobile network's fraud department immediately by phone. Contact your bank's fraud team right away. If you received phishing emails, forward them to report@phishing.gov.uk. If you received suspicious SMS messages, forward them to 7726. Provide as much detail as possible: the date, time, accounts affected, amounts stolen, and the name of anyone you spoke to at your network or bank.

Think you’ve spotted a scam? Use the AI scam checker for an instant analysis, or report it to Action Fraud.

Reviewed against current UK reporting guidance from Action Fraud, the National Cyber Security Centre, and Citizens Advice. Last reviewed 2026-05-20. Read about how Beat the Scam writes guides.